DAST

Working with scans

  • Last updated: July 10, 2025

In this section, we'll look at how you create and manage scans in Burp Suite DAST.

  • Creating scans
  • Managing scheduled scans
  • Performing bulk actions with scans
  • Viewing scan details
  • Monitoring scan progress
  • Configuring issue management settings
  • Best practices for scanning
  • Best practices for managing false positives
  • Configuring site and scan data settings
  • Downloading logs and debug packs

© 2025 PortSwigger Ltd.